We have all heard about hacks of personal information and troves of credentials that are available for sale on the dark web. We all feel threatened by the potential that this will be used to steal our identities. But more recently, fraudsters have latched on to a new technique that is even harder to trace, yet results in a significant amount of write-offs to businesses; according to Auriemma Consulting Group, fraud related to the use of synthetic identities is responsible for 5% of charged-off accounts and approximately 20% of credit losses, amounting to an astronomical loss of $6 Billion in 2016. Moreover, this trend is expected to increase to $8 Billion by 2018, according to Javelin Strategy and Research.
How does this happen?
Usually, the creation of synthetic identities relies on a combination of stolen personal information and false details, such as a real social security number with a fake name, address, dates of birth and contact information. The combination evades standard credit check processes. Once the identity is created, the fraudster can get to work.
Fraud Methods Using Synthetic Identities
There are three primary ways that fraudsters commit fraud using synthetic identities:
- Direct Application for Credit: Once a fraudster forges a synthetic identity, he/she can apply directly to the credit card company or other lenders. The application will result in a new credit file created under the forged ID.
- Authorized User Process: Credit card issuers allow clients to add authorized users to an account (typically, spouses or children). Through social engineering, fraudsters target card owners with good credit to add other identities to their account. After a brief period, the synthetic identity is removed, yet the fraudster steals the user’s good credit history. With a synthetic identity and a stolen credit history, the fraudster can apply for several new credit cards, max them out and disappear without a trace.
- Data Furnishing: The fraudster creates a dummy company that over a period is evaluated by credit agencies and ultimately cleared to provide payment history on associated “employees”. After a certain period, the fake entity’s credit score will improve, allowing the fraudster to receive more unsecured credit from banks, unions and other lenders.
The rise of synthetic identity theft indicates that banks/financial institutions’ validation methods may not be up to par when authenticating the identities of credit applicants. However, new account fraud, using stolen or synthetic identities can be stopped using advanced detection through behavioral biometrics.
Combating Synthetic Identity Fraud with Behavioral Biometrics
BioCatch maps criminal behavior throughout the initiation process. We distinguish between a real user and an impostor by recognizing normal user behavior and fraudster behaviors. Understanding the way fraudsters behave, allows BioCatch to identify human and non-human elements in a session in real-time and prevent a potentially fraudulent application from going through.
- Application Fluency: Most fraudsters use compromised or synthetic identities to repeatedly attack a site. These actions show a fluency with the site and the process used to open a new account.
- Expert Users: Fraudsters often use advanced computer skills that are rarely seen among real users. Common examples include keyboard shortcuts and function keys.
- Low Data Familiarity: Fraudsters exhibit several behavioral patterns that suggest the data is not intuitive to them.
As Paul Bjerke, vice president, fraud and identity management, LexisNexis Risk Solutions, states in a recent press release announcing the company’s partnership with BioCatch, “Application fraud is a growing threat that cannot be addressed with static means. In light of the vast array of data breaches over the past few years, supplementing applicant-provided data with additional dynamic data sources, like behavioral biometrics, is key to addressing application fraud and account takeover.”